Data Privacy

It was reported that data from Apple’s Health App had provided crucial evidence in a recent trial involving a refugee accused of rape and murder. The police suggested that the steps recorded by the Health App in the suspect’s phone may help confirm his activity. Hussein K, the accused, is said to have dragged his victim down the River Dresiam and climbed back up. The refugee admitted to only some of the details in the rape and murder of 19-year old medical student Maria Ladenburger which happened in October 2016. Source: BBC

A researcher from F-Secure recently found a flaw in Intel’s Active Management Technology (AMT) which can allow an attacker to bypass security measures such as BIOS passwords, BitLocker credentials, and TPM pins. The security bug can be used by attackers to gain access to corporate computers provisioned with Intel AMT, which is a CPU feature that allows system admins to perform remote out-of-band management without needing physical access to the device. The researcher, Harry Sintonen said that the attacker can select the Intel Management Engine BIOS Extension (MEBx) for the boot-up routine, to bypass any previous BIOS, BitLocker, or TPM […]

It was been reported that the Cyberspace Administration of China (CAC) had berated Alibaba’s payment affiliate, Ant Financial, for compromising the privacy of Alipay service users who got enrolled automatically into the company’s credit scoring system without their consent. Some users were apparently unaware that they had to uncheck an opt out button on a financial analysis feature by Alipay. Data of users who did not opt out were collected by Sesame Credit and shared with its partners for analysis. Nie Zhengjun, Ant Financial’s chief privacy officer, apologized for the breach and said that the company had already initiated […]

In a security update posted last Tuesday, Adobe informed its users of a new patch for Flash Player that addresses an information leak issue. The CVE-2018-4871 is a security vulnerability which can be exploited by hackers to extract leaked sensitive information from a system. The bug impacts computers running Windows, Linux, and Mac OS, as well as those that use Chrome, Edge, and Internet Explorer 11. Adobe encouraged users not to decline the automatic updates. Source: ZDNet

Last Monday, the Wi-Fi Alliance announced that its next-generation wireless security protocol WPA3, is ready to replace its decades-old predecessor WPA2. The Alliance, which includes Apple, Microsoft, and Qualcomm as its members, revealed that WPA3 will use individualized data encryption. This is expected to solve a common security problem with open Wi-Fi networks by scrambling the connection between a device and the router. WPA3 will also be able to protect against brute-force dictionary attacks and will block attackers after a number of failed password attempts. It is said that the new protocol could not have come soon enough, since a […]

Apple recently confirmed that Meltdown and Spectre, the two chip-level security vulnerabilities, also affect all Macs, iPhones, and iPads. Patches for the Meltdown bug has already been released, but it may take a few days before a fix for Spectre is released. However, Apple owners were assured in a blog post that there were no known exploits that can affect customer in the meantime. As the vulnerabilities affect almost any device that use an Intel or ARM processors, Google, Microsoft, and other companies have already released their respective fixes. A security researcher also published a list of online antivirus products. […]

The recent discovery of a vulnerability in Intel CPUs have roused tech giants Microsoft, Amazon, and Google into action to prevent the exploitation of the hardware-level security bug. In reaction to the Meltdown and Spectre flaws which were publicly revealed last Tuesday, Microsoft said that they have deployed mitigations to cloud services and rolled out security updates for Windows, Edge and Internet Explorer browsers, and Surface devices. Google, who first alerted Intel about the vulnerability, said that it had already updated its public cloud service without the need for forced restarts or maintenance windows. Meanwhile, Amazon informed its customers that […]

It was recently revealed that a number of high tech security measures had been installed in Sydney Cricket Ground. The system is said to include around 820 cameras equipped with facial recognition technology which is linked to the Transport Management Centre and the NSW Police operations centre. SCG Trust chief executive Jamie Barkley said that they have invested significantly on security technology to provide airport-style levels of safety for sports fans. SCG security manager Luke Schibeci meanwhile said that they wish to further understand how the technology can better protect venues, workers, and patrons from terrorism. Source: ZDNet

Late last Thursday, Microsoft issued emergency fixes for two major security flaws found in processors released since 1995. The “Meltdown” and “Spectre” can be exploited by attackers to access information in the computer’s memory. However, the attacks have not been seen in the wild, and researchers say that they are impossibly difficult to leverage. Software and hardware companies however, have already acted and released fixes for both, although Microsoft warned that their fixes may be incompatible with some antiviruses and may lead to BSODs. Source: Bleeping Computer

Last Wednesday, security researchers revealed two critical flaws in Intel processors that are said to have been present as early as 20 years ago. The two CPU bugs, called “Meltdown” and “Spectre” affects almost every system that uses Intel chips since 1995. In a paper, the researchers established that an attacker can use the vulnerabilities to steal data from the memory of running apps, including sensitive information such as password managers, browsers, emails, and photos and documents. Linux developers have announced that they are planning a redesign to deal with the vulnerabilities, while AMD released a statement saying that […]

Subscribe to Elegal

Contact Us

Need more information on Philippine laws and legal updates? Contact us at elegal@disini.ph

About Us

This blog is the embodiment of a vision we have at Disini & Disini (D&D) of an IT empowered citizenry where we, as a people, harness information available through the internet to bridge the gaps where there may be lapses. As part of our advocacy, we take full advantage of the accessibility of cyberspace by developing this blog.